Whoever christened the WikiLeaks saga the first major war over the internet was right. Quite apart from what you’re seeing in the mainstream media, the internet equivalent of a shooting war has broken out and shows no signs of dying down.
The online group Anonymous – usually, but somewhat erroneously christened “hacker activists” by the mainstream media – have launched a series of attacks on the websites of those associated with the campaign against Wikileaks and Julian Assange. Targets under “Operation Payback”, coordinated via an IRC channel and Twitter, have included Joe Lieberman’s website, Sarah Palin’s website and the website of the Swedish prosecution service responsible for handling the s-xual assault case against Assange.
In the last 24 hours, however, it’s stopped being quite so symbolic. Yesterday Anonymous coordinated a distributed denial of service attack on Mastercard’s corporate website, www.mastercard.com, and took it offline for several hours. More to the point, the attacks took Mastercard’s Securecode service offline as well, preventing transactions from being processed. The website has since got back online.
This morning it was Visa’s turn. Anonymous gave a full hour’s notice via its Twitter account @Anon-Operation that it was going to target Visa. At 8am, the tweet went out:
“TARGET: WWW.VISA.COM: FIRE FIRE FIRE!!! WEAPONS.”
They didn’t miss. The Visa site went down almost instantly, and stayed down for nearly three hours.
Twitter had by this stage woken up to the fact that its service was being used to coordinate DDOS attacks and suspended @anon_operation (Facebook had removed another Anonymous-related page earlier in the day). Anonymous was already using multiple accounts and immediately created another one, @anonops. Twitter’s action prompted participants to turn their attention to the service itself, and Twitter itself came under fire.
At that point, Anonymous appeared to secure a significant victory. Twitter was said to have advised that the deletion was “accidental” and restored the suspended account (minus previous tweets), although another ANonymous-related account remained suspended. The new account, @anonops, continued to operate. The attack on Twitter was then called off, and www.visa.com briefly went down again as the attack as redirected back at Visa.
A short while later the group declared via @anonops “IRC is not secure do not use unauthorized channels for operation #payback. We will announce next target here!! http://bit.ly/1hSngD #anonops”. Presumably law enforcement agencies had by this stage accessed the channel (it’s accessible if you know whom to ask and are happy to have the Federal Police start paying attention to you).
Meantime, in an unrelated development, PayPal had succumbed to criticism and released donations to Wikileaks.
Throughout, the mainstream media desperately tried to keep up. “Do you know more? email us” implored Fairfax, whose journalists took to haunting the birthplace of Anonymous, the 4chan site (warning – DEFINITELY NSFW) to find out what was going on. The coverage looked all a bit redundant, though, given much of what was going on was being played out under the Twitter hashtag #anonops.
This may look like a bunch of kids fooling around on the internet (one tweeter compared it to a “geek action movie”) but it’s altogether more serious than that. In the space of 24 hours two of the world’s key transactional sites have been taken offline. In the case of Visa, the company was actually given warning that it would be attacked, and yet it was still taken down for several hours. If we’re talking “critical infrastructure”, as per the WikiLeaks cables of earlier this week, we’ve had a clear demonstration of where it is on the internet.
This is the flipside of war against WikiLeaks being waged by the US Government and its proxies. Taking away its access to servers and taking away its financial conduits has undoubtedly harmed the organization – probably more so than arresting Julian Assange. It shows that, for all the decentralization of the internet, you can exploit the corporate control of key elements of the internet, particularly of financial transactions, to inconvenience or disrupt the operations of even an online entity. The further the balance tips toward private, corporate control of key online systems, the easier it becomes for governments – and other forces of centralised control, like large companies – to strike back at online opponents.
But it cuts both ways. The fragility of those transactional systems is suddenly on display with the successful attacks on Visa and Mastercard. Private control of key systems can be a vulnerability as well as a strength. And what’s been happening to key transactional systems in Australia in recent days? No one targeted NAB’s website – it managed to take itself offline without any help from “hacktivists”, causing massive financial disruption to its customers.
We’ve become dependent on online systems that are assumed to be both secure and resilient. Suddenly they look fragile, capable of disruption not just at the hands of Anonymous, but because of under-investment, or incompetence, or a single corrupted file.
There’ll doubtless be a lot of rubbish written about the Anonymous attacks, from both sides, in coming hours and days. There’ll be a strong sense of “the internet has fought back” from supporters, and law enforcement-flavoured outrage from opponents, governments and the mainstream media.
But at least one lesson is already clear – on the internet, the “critical infrastructure” may not be as resilient and stable as we all assume it is.